From fe1e64f2dc59ad21a7dc7724bc98e34a5fcfd0e2 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Mon, 21 Feb 2022 11:37:38 +0900
Subject: [PATCH] accept Argon2 as S2K specifier.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
 g10/parse-packet.c | 34 ++++++++++++++++++++++++++++++----
 1 file changed, 30 insertions(+), 4 deletions(-)

diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 38cf44f6f..ec2cfe3c2 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -1241,8 +1241,13 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
     goto too_short;
   s2kmode = iobuf_get_noeof (inp);
   pktlen--;
-  hash_algo = iobuf_get_noeof (inp);
-  pktlen--;
+  if (s2kmode <= 3)
+    {
+      hash_algo = iobuf_get_noeof (inp);
+      pktlen--;
+    }
+  else
+    hash_algo = 0;
   switch (s2kmode)
     {
     case 0: /* Simple S2K.  */
@@ -1254,6 +1259,9 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
     case 3: /* Iterated+salted S2K.  */
       minlen = 9;
       break;
+    case 4: /* Argon2.  */
+      minlen = 19;
+      break;
     default:
       log_error ("unknown S2K mode %d\n", s2kmode);
       if (list_mode)
@@ -1275,7 +1283,17 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
   k->cipher_algo = cipher_algo;
   k->aead_algo = aead_algo;
   k->s2k.mode = s2kmode;
-  k->s2k.u.s.hash_algo = hash_algo;
+  if (s2kmode == 4)
+    {
+      for (i = 0; i < 16 && pktlen; i++, pktlen--)
+	k->s2k.u.a.salt[i] = iobuf_get_noeof (inp);
+      k->s2k.u.a.t = iobuf_get_noeof (inp);;
+      k->s2k.u.a.m = iobuf_get_noeof (inp);;
+      k->s2k.u.a.p = iobuf_get_noeof (inp);;
+      pktlen -=3;
+    }
+  else
+    k->s2k.u.s.hash_algo = hash_algo;
   if (s2kmode == 1 || s2kmode == 3)
     {
       for (i = 0; i < 8 && pktlen; i++, pktlen--)
@@ -1295,7 +1313,7 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
       /* What we're watching out for here is a session key decryptor
          with no salt.  The RFC says that using salt for this is a
          MUST. */
-      if (s2kmode != 1 && s2kmode != 3)
+      if (s2kmode == 0)
 	log_info (_("WARNING: potentially insecure symmetrically"
 		    " encrypted session key\n"));
     }
@@ -1329,6 +1347,14 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
                         (ulong) k->s2k.u.s.count);
 	  es_fprintf (listfp, "\n");
 	}
+      else if (s2kmode == 4)
+	{
+	  es_fprintf (listfp, "\tsalt ");
+          es_write_hexstring (listfp, k->s2k.u.a.salt, 16, 0, NULL);
+          es_fprintf (listfp, ", t=%02x, m=%02x, p=%02x",
+                      k->s2k.u.a.t, k->s2k.u.a.m, k->s2k.u.a.p);
+	  es_fprintf (listfp, "\n");
+	}
     }
 
  leave: